Analysis Overview
Threat Level: Shows suspicious behavior
The file https://google.com was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Browser Information Discovery
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-18 10:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-18 10:51
Reported
2024-08-18 10:54
Platform
win10v2004-20240802-en
Max time kernel
162s
Max time network
160s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\dota2maphack.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684519821945595" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f7f46f8,0x7ffa3f7f4708,0x7ffa3f7f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa2e2acc40,0x7ffa2e2acc4c,0x7ffa2e2acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4548,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3556,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4540,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3520 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3496,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5436,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18972:86:7zEvent20954
C:\Users\Admin\Downloads\dota2maphack.exe
"C:\Users\Admin\Downloads\dota2maphack.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 142.250.201.174:443 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 95.101.143.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m1r.ai | udp |
| US | 172.67.179.156:80 | m1r.ai | tcp |
| US | 172.67.179.156:80 | m1r.ai | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.179.156:80 | m1r.ai | tcp |
| US | 172.67.179.156:80 | m1r.ai | tcp |
| US | 172.67.179.156:80 | m1r.ai | tcp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 8.8.8.8:53 | support.cloudflare.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 154.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.179.67.172.in-addr.arpa | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | up.m1r.ai | udp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 172.67.179.156:443 | up.m1r.ai | tcp |
| US | 8.8.8.8:53 | 34.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 172.67.179.156:443 | up.m1r.ai | tcp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| US | 172.67.179.156:80 | up.m1r.ai | tcp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 172.67.179.156:443 | up.m1r.ai | tcp |
| US | 172.67.179.156:443 | up.m1r.ai | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 172.67.179.156:443 | up.m1r.ai | udp |
| N/A | 192.168.1.44:80 | | tcp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
\??\pipe\LOCAL\crashpad_3980_ZCCFSSZPHCNDDPJG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d1a7f682a8b3684b6ee97da09e1e1e6 |
| SHA1 | 2f05cee8069f3c33bd80eb7dca4b4bdd98406430 |
| SHA256 | be3527b55ecf8f7b796e27d912469b46418d381e83677af4eb761e33ae01b0e1 |
| SHA512 | ff35125d61655f650d4ac9930fc79b549d9f99f9b07630a3259bd7e19058342dcd275e8d58a8a0371e529912c7248f3789aa2dffe74d498bbc33dd025e0dd08d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6199222400b86078ed86576dc9eec2ca |
| SHA1 | 7b5fa788b048e461de6684ae7955889244564678 |
| SHA256 | 1669b03fc77d09d8021db8ff1b65c7d87770158ce0e11f824077912dbd298fb2 |
| SHA512 | 33144e3d08afe915be73637838776c0c3a3e089ded1b09960b93c5d1abeca73d3e9d80ec3e9285eaf2ec18c2f36dafb282c24f2c235c9a5332ce948425785d86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | efc3ace456abe112e699ab68c01190b7 |
| SHA1 | 0ec91df22237c39a92d92fadc27ce85e034e2c4f |
| SHA256 | 72a58a64e533906e6589271d6ead85d73ce16f449a8b8171dc7210d085f79f2b |
| SHA512 | 49a23d09d58fea0eff63d0a54dd3cab99b28be6b24aaa8667b21d75bf2ff6e8d09fa9d2627d4f32caebe9794484e090f43c436ac0cd8473a39a6f0dc710ba3ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d421108edefc83598f690cbfba2fed36 |
| SHA1 | e70d1109cae470850fd429e9e497be7a12307512 |
| SHA256 | 2ebc35650973ee3654e207213b163b84f710d98e00454d14da6932557ee6173b |
| SHA512 | 7e43f77615579c999c022026cdb786aa20d103e7217765728b2cbe2290c35f08d22877d7dab40c780da3ccf600d77f6630a74096416eec48d01d1cdcaf145e54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15da48a2568a5a0d13f13a52caaa0991 |
| SHA1 | 5e6ddde5b80358fe73552652ec0cf96ae5044dfc |
| SHA256 | 815651b2b390684c84bd98db2df86b7ed014df9024c2ab9044eeaff2b4a84820 |
| SHA512 | 390d25b02f66c96286201d0d5791cfe3520cea5830eeba958ec69629afa2fe213efc7c49e1076831151f8c027fb3b7933c7f6682f64b70ee903475d0c83b89fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7769eccc582c8caca74463be37e12deb |
| SHA1 | 393b2c918fc5b50daa1ca2488f856a5241cc4b45 |
| SHA256 | 8b24eb5a36d4264dff6659d0380d90fd90e424a5c5b13fa52f7e151e0d15ce11 |
| SHA512 | 5fcc91afea566ed69aaf681c9b7e5a212011d362a234156d32c6a01e3b65d8da325271b51d1a197d1cef1a6e4a91cb431ef56f98253410bef7d59db4fcb632bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5bc8345ba95c336cd8e6baa44eaa4634 |
| SHA1 | 7906e6c37a18561ce0a6b8cbfa5d87840e6a0105 |
| SHA256 | 51fb4266245dfc3b30d92a90c3476e9c7f872108e1b4e74f64bfc468cc8b280f |
| SHA512 | 144313e9d4cb8e961a2fe9dc0e9a9b2f93904c899571fc9c37ad465384d997016e84d78f4afd0edb45525d0fb29e0014f36e9bbd5c408d837b60e6c996bd45bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2ee059d51138263561866fa23718d4c |
| SHA1 | 6c62ff79ee7967e310f7fd3cded18704b53ebc80 |
| SHA256 | c376a69ee00f9daf4f338efb59798039f286302a773e06a2d7e7a6517f1373a3 |
| SHA512 | 86e84196be4b0b583637137459f992ed5c60eab1d23d0c66b318a1ead444dbea7cb22a2ebf52898d4369a4e019a3466e1d13e45bd2fd50c40e9abeb43bd4033f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27012f8b38d2bb582b01a522f3f54d94 |
| SHA1 | bc1c4549c881d2640c9f8cf43376fdc63764b3cc |
| SHA256 | decfc0765135cc913f8bcea48b8b24c7a114b9158fcc619592327045bb533d17 |
| SHA512 | 8b89b8d10787dedc76dd2f83934151f1c01e39fdc85b7e587c791cc38113d2aef0ce34ad84e00b6db91a4d2383b2ae7e14f8732a98e875c85f032290c0388896 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f7d2b753a751be4201412ba3c60a540f |
| SHA1 | 11a4a43ca3de74de1b5cfe63f7edbc78c1ec54bd |
| SHA256 | 69479c1ca743f78eab7cd27585551e98f10f29177f03cec912707c2b8489b9a7 |
| SHA512 | 3d9c7878229c6030f6afec2c67bec320ea0b1129d58bd0cafaa77c105cca60abd1bbff4f8367931273194bcff06bc6f076597c321e80de2d871000f994cb0443 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7dcfc4f0d7ee1cf3dfc7f1117e1dfaf0 |
| SHA1 | ae3a4eb76cccebc13f451369e20f8c4c7d829e47 |
| SHA256 | 015a4ea76ef3775298eaf57e2a93a9091432c3bd04a4e8ebd2d9da413a7540d9 |
| SHA512 | 9243503d235caab1f07297f50ecdccbc65edd90779a2967a3aaf6b471d5fb61d5216df30d1bb666f147877e864be235ada5e28e24ebd82871fd9ca55b8725241 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 472a5e801d10fc13736bf2e262327a1a |
| SHA1 | 4c460bc06562d98f9d953046ab644a4925c230a0 |
| SHA256 | c0503fe3ad567ce57341e0fa4afafd673c46569c1df372661173c47221086d6b |
| SHA512 | d616b781fca08e05c2f9bad7e2656498d49b6960e7d065d8813648a570e42907ea85f5a57b2faeef4adc0c0094bdad70d43e93993716b737acfb28e6f74483ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | da3ac72e3ee833ea69c1cfec85dbee08 |
| SHA1 | 97c50ff2600f07c12be10f3dd660af2629e7067d |
| SHA256 | 2d7c1c3cfd6c9c55be42a429c97c36048497195404a0e13e6d6f12fa735b350f |
| SHA512 | 2868fbc6f295c21c2f738d400462e80aa34b35a2a876625e555cd55f86f16bca62780d5ac02fb67d1b5531976b5ea0b7456c18b0d7e04e844c235ad7c5c04f6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e9a4473633651918e76a05e01512def5 |
| SHA1 | e382dde4dcdcc81d2995f7952deceb6a9a428ff5 |
| SHA256 | 1ff04148d9b812e4b1c347c26d1b8d40b540b9eedfd3f371899406953bb86661 |
| SHA512 | 0b510cb9f045b4cb65deb7223138db4abf602ce9a01e048809763b17d2fc07eba62a00d7ad85cfc47f31a0dbd78df0cadf66eee3850d9f1e8bd16b722089e51c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 057d706c619397622dc2fb9c3eca0d84 |
| SHA1 | 851f8db8dcc87c0f948b61bd49bcf3ba7bd37c55 |
| SHA256 | c796407f8c2eb799cfea921ccec55deb1f33b931d7065c001c3e0f4d6c93517d |
| SHA512 | 98bac45bfda08f15782b1f628f4b2d8d22c8c8e114785e0840e56698c705a6feb12bb81b4687e5207fbb1a5b76e3d08185b6bfd6311248cb16504a4eb1b1eb80 |
C:\Users\Admin\Downloads\Exela.zip.crdownload
| MD5 | ec638f00dec0f6fc493ff3ca46e0b647 |
| SHA1 | 311df1b92cc2bfafa60be3df1b8956de028e6a99 |
| SHA256 | 442db2bab424c56c75470821c35022f6a79cb08a4a83ef13bcdf72e25d274b9d |
| SHA512 | 816a1f28e95ff80e22df286d7c2a6e150f0de224fe3a1f10d618db8908e1647da98310aeacc349a25769214c165a6e69603e75530c09d2e2ccf9e5a9530b8406 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 05f6b28ea5efc42b5f321d5c1c3463e9 |
| SHA1 | 4147d6b37101adb7a8859cf34e4f8a2bb613a5dc |
| SHA256 | 60d8ce0b8be1be4a4172ca1fdfa54441547437b68fe5da13ee63efea11e9dcf3 |
| SHA512 | d5e067392f25e7629525d32cabd1b9d8f952a60ee0741946cc9637cc1a375fbd54daf3dc650377da6e7aa7f615f3fec5444f7a277dea58e09fce8fb021033c52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07f12ab067d544f205dd7f4b268fca48 |
| SHA1 | fbabab7171e9fcefcdd57e4d19ae0246c7d753c5 |
| SHA256 | e855a8e4af91e52241dd6c7db8aef89f42028a97971fd17d918b9d749d9344b4 |
| SHA512 | 4ff14f9e57979b9327b3b69184e5f99bb9c9a70a54966ab6452fa418d22453654ba755f4fe751addf806c74a8cc979bf8f8fef56a919886291ea2aa591b205b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 60babd245e3543841a03e10f5e535436 |
| SHA1 | 341332485a27090951f0e1951eef9cbe51356d8c |
| SHA256 | e459be52cbe99c37552a16ff0b84d5260fd6a0d345066102bdd2be1f7ad30a62 |
| SHA512 | 36dff9353ea69a9e331c1a4db4d6704078276d2de7f2e13bc285d3cecc29b99a5db46567ddd32a27d738d19c7b5d37e9b1df1d981273c0fd52393ff7a3102a98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c11b1f5284dac87f6f8dd2e59423bcdd |
| SHA1 | b4c7df49b7c7a3fe59366b3ad9d6698471b0d051 |
| SHA256 | 7986324a0731445a154daf7d611e375fe27163c720b1c826f878b170f7bd2b7b |
| SHA512 | ffb0cc8748f7f7f441d3cf915d029ce2386f90935500cce45902055b159bd2e09578d35a1b578923879181a3bf9311c02023838ed4c6f94d4af7432ff57e564c |
C:\Users\Admin\Downloads\dota2maphack.zip
| MD5 | 1679ac78d44bbaa82103d073e3f62c29 |
| SHA1 | b4b5bb550c5b4a9047dfab49c29686fe2883a3e5 |
| SHA256 | 4c6560c3abef012a78618c92619b03bedd483be09477c9fe40037a52d4a04280 |
| SHA512 | 05dc021d740bc308fda3bdc27a4642d983a009fb495bdc6844e7a5a4522907a7b9bae9e40a8692edfa34aac19272aa0c59cababbd1eab64d96ba0ae3f630c2d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7e7537ab9159fddd13df019a46459ce |
| SHA1 | a2d05d8307ed2e7ef8209aa95175a2f1ad66b793 |
| SHA256 | db94883b6f41a9f62ac5551be6b1d3316bd10d1879159f1c63333e11aba56d68 |
| SHA512 | aaf534b4a8bc5e99a5e8efdd8ba51cde21839b8738b63ef0b95144dc62c0d5d08ff041a9734e7690097928afc94d959b892d796bb37b6d4b4ef4e29381e47d88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8ea6536633bb9eae605594afac7741d9 |
| SHA1 | 34c98cdaf2cf0367a8c775cefe18781ef7c391b7 |
| SHA256 | ff2a91f0e473c4c316d44e1e8f73816769d0f00dd567fb5cebee6314e3919ece |
| SHA512 | 50b634d0397aebb144e0e38244247f3b36269ab3de645e12107e5190c86a4b19de59d4c3a0519f58c1db0acf86369f3974e68912b347d189298eef587eb90e80 |
C:\Users\Admin\Downloads\dota2maphack.exe
| MD5 | ba440ead8128cdb67b4bda06210e340f |
| SHA1 | ffb4456fc497b048caf641e67d81d3e42b09a70b |
| SHA256 | 400107ce590451ebc8b11fa6b25499f64b9646760e23bfe84a330d625c9b0f9e |
| SHA512 | ac166f5e62309dc367397d9b2353b82e94d276f1b7a70b4e6345ac0d92adb9743ff574964c48599f1a48b9dd1f407ed62faa8c08c88702898eea3698e45be153 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6be1cfac690536b7ff9f4e1581f08cd |
| SHA1 | c9c453c555abc3fc341fe7cbdd5faeabf882ed38 |
| SHA256 | c824b51998fef9dea629fe4a514a6479e0294013a68256afbaa0ca70232fbe12 |
| SHA512 | ee213922276a60fa2714f52d9cca1125af0f45f74df4f28b8c5f1397a2fd40df86d4f45c4b83347b7071260a2e4deb0ca1104743f08ed49f0bf707d3cbd543d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b1b93738d048a36661885ca9c74810bb |
| SHA1 | 9bccf7b9a85bf9080cd31948c606279d7bf7355e |
| SHA256 | 947091ebc23e6ce16f94c98f7af5a7887e195fc2742c166c43c4b2810774a3a2 |
| SHA512 | fd38142c0a28157aed139d8dbb7106454c03e2d113e1c0d3185cfcea87ceaaaad49b6b6838dc8d7112a21d6738a73e985f03b7aee0caf49f52b777d871ec88fb |